Join me for another OAuth & OIDC masterclass. We will cover use cases, complexities, latest best practices, and high-security configuration options for OAuth in 4 live 3-hour sessions.
Early bird discount available for 10 more days buff.ly/wLedqA2 #appsec
SecAppDev is now on Bluesky. If you want to stay up to date, make sure you follow us!
This cheat sheet gives you an overview of current best practices for using OAuth 2.0. Grab a PDF copy here (buff.ly/4jCred1). If you want to learn more about these topics, this masterclass covers it all! buff.ly/3PnrZJ6 The early-bird rate has been extended for a few more days, so grab a ticket now!
Today, I'm doing back-to-back talks at NDC Security 2025. In this second talk, I'm discussing how a previous talk at NDC resulted in me joining as a co-author of the OAuth spec for browser-based apps. Grab the slides here: https://buff.ly/4fMgG8Z #appsec #infosec
I am talking about API security at NDC Security 2025. Using real-world cases, we discuss a couple of do's and don'ts that can help you secure your APIs. You can grab a copy of the slides here: https://buff.ly/46TtghZ #appsec #infosec
I do have a couple of online courses available (courses.pragmaticwebsecurity.com). This live course is the most up-to-date version, which will eventually make it into the online courses (but that's an intense and time-consuming process).
I am kicking off 2025 with a new live interactive training on OAuth 2.0 and OIDC. This course covers the latest best practices for browser-based apps, API security, and high-security OAuth configurations.
Early bird and group (3+) discounts available! Info & registration: https://buff.ly/3PnrZJ6
Last week, I taught two 2-day classes, which is always insanely intense and really requires an enormous amount of energy. Fortunately, the feedback makes it worth it!
Now two weeks of doing some research and consulting. And of course, prepping the menu and trying out some dishes for the holidays!
Awesome research! It's always crazy how many vulnerabilities you can still find by just reading RFCs 🔥
Nice collection of #infosec Black Friday deals. github.com/0x90n/InfoSe...
#BlackFriday
Excited to be at the OWASP BeNeLux Days, with the wonderful security community. I will be speaking about Supercharging OAuth security slides here: https://buff.ly/4ikT64W), and doing a 1-day API security workshop. #appsec #infosec
Hey @webappsec.dev , any idea if there’s a way to make import() (developer.mozilla.org/en-US/docs/W...) work with nonce propagation? It works with ‘strict-dynamic’, but having explicit nonce propagation would also be nice …
I'm in the process of creating a *web security* starter pack and need your help finding more webbies here. Please share and recommend folks passionate about web security in comments below so we can get this community started here 🙂
go.bsky.app/Uf8dZhz
In a couple of weeks, I'm teaching two live online workshops, both consisting of a mix between lectures, demos, quizzes, and hands-on lab sessions:
- Securing Angular apps on Dec 2-3 (https://buff.ly/3uX8Rv1)
- Bulletproof APIs on Dec 5-6 (https://buff.ly/48JQM2Y)
Hope to see you there! #appsec
